# vim: filetype=yaml sw=2
debug: '[% GET ! ENV.RBM_NO_DEBUG %]'
output_dir: "out/[% project %]"
tmp_dir: '[% c("basedir") %]/tmp'
build_log: '[% GET ENV.RBM_LOGS_DIR ? ENV.RBM_LOGS_DIR : "logs" %]/[% project %][% IF c("var/osname") %]-[% c("var/osname") %][% END %].log'

pkg_type: build

container:
  disable_network:
    # disable network in the build scripts
    build: 1

steps:
  src-tarballs:
    compress_tar: xz
    src-tarballs: |
      #!/bin/bash
      set -e
      mkdir -p '[% dest_dir %]'
      mv -vf '[% project %]-[% c("version") %].tar.xz' '[% dest_dir %]/[% c("filename") %]'

  list_toolchain_updates:
    build_log: '-'
    list_toolchain_updates: '[% INCLUDE list_toolchain_updates %]'

  cargo_vendor:
    output_dir: "out/[% project %]/cargo_vendor"
    var:
      container:
        suite: bullseye
        arch: amd64
      pre_pkginst: ''
      deps:
        - bzip2
        - ca-certificates
        - patch
        - xz-utils
    cargo_vendor: |
      #!/bin/bash
      [% c("var/set_default_env") %]
      mkdir /var/tmp/dist
      # NOTE: since different projects need different rust versions,
      # we use the version of cargo produced by the rust project
      # build rather than the build container's debian package.
      # Thus, any project that wants to run a `cargo_vendor` step
      # must be sure to provide the rust project as an `input_file`.
      # See, e.g.,`application-services/config.steps.cargo_vendor.input_files`.
      tar -C /var/tmp/dist -xf [% c('input_files_by_name/rust') %]
      export PATH="/var/tmp/dist/rust/bin:$PATH"
      tar -xf [% project %]-[% c('version') %].tar.gz
      cd [% project %]-[% c('version') %]
      [% c("var/pre_cargo_vendor") %]
      cargo vendor vendor [% c("var/cargo_vendor_opts") %]
      [% c('tar', {
        tar_src => [ 'vendor' ],
        tar_args => '-caf ' _ dest_dir _ '/' _ c('filename'),
        }) %]
      cd [% dest_dir %]
      fname="out/[% project %]/cargo_vendor/[% c('filename') %]"
      echo
      echo "Finished creating $fname"
      sha256sum "[% c('filename') %]"
      echo "You can upload it with:"
      echo "  scp -p $fname people.torproject.org:public_html/mirrors/sources"

  go_vendor:
    filename: '[% project %]-vendor-[% c("version") %]-[% c("var/build_id") %].tar.gz'
    output_dir: "out/[% project %]/go_vendor"
    go_vendor: |
      #!/bin/bash
      [% c("var/set_default_env") %]
      [% pc('go', 'var/setup', { go_tarfile => c('input_files_by_name/go') }) %]
      mkdir -p /var/tmp/build
      tar -C /var/tmp/build -xf [% project %]-[% c('version') %].tar.gz
      cd /var/tmp/build/[% project %]-[% c('version') %]
      go mod vendor
      [% c('tar', {
        tar_src => [ 'vendor' ],
        tar_args => '-czf ' _ dest_dir _ '/' _ c('filename'),
        }) %]

    input_files:
      - project: container-image
        pkg_type: build
      - name: go
        project: go
        pkg_type: build

# buildconf contains build options that the user can change in rbm.local.conf
# When adding a new option to buildconf, a default value should be defined
# in var/build_id, so that changing this option does not affect the build_id.
buildconf:
  git_signtag_opt: '-s'
  deb_native_arch: arm64

var:
  torbrowser_version: '12.5'
  torbrowser_build: 'build2'
  torbrowser_incremental_from:
    - 12.0.7
    - 12.0.6
    - 12.0.5
  updater_enabled: 1
  build_mar: 1
  mar_channel_id: '[% c("var/projectname") %]-torproject-[% c("var/channel") %]'

  # By default, we sort the list of installed packages. This allows sharing
  # containers with identical list of packages, even if they are not listed
  # in the same order. In the cases where the installation order is
  # important, sort_deps should be set to 0.
  sort_deps: 1
  build_id: '[% sha256(c("var/build_id_txt", { num_procs => 4 })).substr(0, 6) %]'
  build_id_txt: |
    [% c("version") %]
    [% IF c("git_url") || c("hg_url"); GET c("abbrev"); END; %]
    [% IF c("container/use_container") && ! c("container/global_disable") -%]
    [% c("var/container/suite") %]
    [% c("var/container/arch") %]
    [% END -%]
    input_files: [% c("input_files_id") %]
    build:
    [% SET step = c("step") -%]
    [% c(step, { filename => 'f', output_dir => '/out', norec => {} }) %]

  exe_name: firefox
  locale_ja: ja
  locales:
    - ar
    - ca
    - cs
    - da
    - de
    - el
    - es-ES
    - fa
    - fi
    - fr
    - ga-IE
    - he
    - hu
    - id
    - is
    - it
    - '[% c("var/locale_ja") %]'
    - ka
    - ko
    - lt
    - mk
    - ms
    - my
    - nb-NO
    - nl
    - pl
    - pt-BR
    - ro
    - ru
    - sq
    - sv-SE
    - th
    - tr
    - uk
    - vi
    - zh-CN
    - zh-TW
  locales_mobile:
    - ar
    - ca
    - cs
    - da
    - de
    - el
    - es-rES
    - fa
    - fi
    - fr
    - ga-rIE
    - hu
    - in
    - is
    - it
    - iw
    - ja
    - ka
    - ko
    - lt
    - my
    - nb-rNO
    - nl
    - pl
    - pt-rBR
    - ro
    - ru
    - sq
    - sv-rSE
    - th
    - tr
    - uk
    - vi
    - zh-rCN
    - zh-rTW

  rlbox: 1

  sign_build: '[% ENV.RBM_SIGN_BUILD %]'
  sign_build_gpg_opts: '[% ENV.RBM_GPG_OPTS %]'

  set_default_env: |
    set -e
    [% FOREACH env = c('ENV') -%]
    export [% env.key %]="[% env.value %]"
    [% END -%]
    rootdir=$(pwd)
    export SHELL=/bin/bash
    export HOME=$rootdir
    umask 0022
    [% IF c("container/global_disable") -%]
      rm -Rf /var/tmp/build /var/tmp/dist
    [% END -%]

  DOCSDIR_project: '[% project %]'

targets:
  notarget: linux-x86_64
  noint:
    debug: 0

  release:
    var:
      release: 1
      channel: release
  alpha:
    var:
      alpha: 1
      channel: alpha
  nightly:
    fetch: 1
    var:
      nightly: 1
      channel: nightly
      torbrowser_version: |
        [%
           IF ENV.TORBROWSER_NIGHTLY_VERSION;
                GET ENV.TORBROWSER_NIGHTLY_VERSION;
           ELSIF c("var/testbuild");
                GET "testbuild";
           ELSE;
                GET c("var_p/nightly_torbrowser_version");
           END;
        -%]
      max_torbrowser_incremental_from: 2
      build_infos_json: 1

  torbrowser:
    var:
      tor-browser: 1
      project-name: tor-browser
      projectname: torbrowser
      Project_Name: 'Tor Browser'
      ProjectName: TorBrowser

  basebrowser:
    var:
      base-browser: 1
      project-name: base-browser
      projectname: basebrowser
      Project_Name: 'Base Browser'
      ProjectName: BaseBrowser
      updater_enabled: '[% c("var/nightly") %]'

  mullvadbrowser:
    var:
      mullvad-browser: 1
      project-name: mullvad-browser
      projectname: mullvadbrowser
      Project_Name: 'Mullvad Browser'
      ProjectName: MullvadBrowser
      exe_name: mullvadbrowser
      mar_channel_id: '[% c("var/projectname") %]-mullvad-[% c("var/channel") %]'
      locales: []
      torbrowser_build: 'build1'

  torbrowser-testbuild:
    - testbuild
    - alpha
    - torbrowser
  basebrowser-testbuild:
    - testbuild
    - alpha
    - basebrowser
  mullvadbrowser-testbuild:
    - testbuild
    - alpha
    - mullvadbrowser
  testbuild:
    var:
      testbuild: 1
      # Don't create mar files to save time
      build_mar: 0
      # Building only one architecture saves a lot of time
      android_single_arch: 1

  torbrowser-android-armv7:
    - android-armv7
    - android
    - torbrowser
  basebrowser-android-armv7:
    - android-armv7
    - android
    - basebrowser
  android-armv7:
    arch: armv7
    var:
      android-armv7: 1
      osname: android-armv7
      toolchain_arch: arm
      abi: armeabi-v7a
      cross_prefix: armv7a-linux-androideabi
  torbrowser-android-x86:
    - android-x86
    - android
    - torbrowser
  basebrowser-android-x86:
    - android-x86
    - android
    - basebrowser
  android-x86:
    arch: x86
    var:
      android-x86: 1
      osname: android-x86
      toolchain_arch: x86
      abi: x86
      cross_prefix: i686-linux-android
  torbrowser-android-x86_64:
    - android-x86_64
    - android
    - torbrowser
  basebrowser-android-x86_64:
    - android-x86_64
    - android
    - basebrowser
  android-x86_64:
    arch: x86_64
    var:
      android-x86_64: 1
      osname: android-x86_64
      toolchain_arch: x86_64
      abi: x86_64
      cross_prefix: x86_64-linux-android
  torbrowser-android-aarch64:
    - android-aarch64
    - android
    - torbrowser
  basebrowser-android-aarch64:
    - android-aarch64
    - android
    - basebrowser
  android-aarch64:
    arch: aarch64
    var:
      android-aarch64: 1
      osname: android-aarch64
      toolchain_arch: arm64
      abi: arm64-v8a
      cross_prefix: aarch64-linux-android
  android:
    container:
      disable_network:
        # Disable network in the script for merging GeckoView .aar files
        merge_aars: 1
    var:
      android: 1
      compiler: android-toolchain
      android_min_api: '[% GET c("var/android_min_api_" _ c("arch")) %]'
      CC: '[% c("var/cross_prefix") %][% c("var/android_min_api") %]-clang'
      CXX: '[% c("var/cross_prefix") %][% c("var/android_min_api") %]-clang'
      # API 21 is the minimum we currently support on Android
      android_min_api_armv7: 21
      android_min_api_x86: 21
      android_min_api_x86_64: 21
      android_min_api_aarch64: 21
      container:
        suite: bullseye
        arch: amd64
      deps:
        - build-essential
        - bison
        - python3
        - python3-distutils
        - python3-venv
        - automake
        - libtool
        - zip
        - unzip
        - libtinfo5
        - libssl-dev
        - pkg-config
        - zlib1g-dev
      configure_opt: '--host=[% c("var/cross_prefix") %] CC=[% c("var/CC") %] [% c("var/configure_opt_project") %]'

      pre_pkginst: |
          SNAPSHOT_VERSION=20191201T212855Z
          OPENJDK_URL=https://snapshot.debian.org/archive/debian/$SNAPSHOT_VERSION/pool/main/o/openjdk-8
          JDK_VERSION=8u232-b09-1~deb9u1_amd64
          apt-get install -y -q wget ca-certificates-java
          wget $OPENJDK_URL/openjdk-8-jdk-headless_$JDK_VERSION.deb
          wget $OPENJDK_URL/openjdk-8-jre-headless_$JDK_VERSION.deb
          echo 92b4f8fb77d793a86e0b03b3b0750592b40a26a5d75956d10dd984a7b3aad4c9 openjdk-8-jdk-headless_$JDK_VERSION.deb | sha256sum -c
          echo 84bf52b6cce20ead08b0d5b9fd9b81b4aa3da385ca951b313fe11d5cb1aa4d17 openjdk-8-jre-headless_$JDK_VERSION.deb | sha256sum -c
          apt-get install -y -q ./openjdk-8-jre-headless_$JDK_VERSION.deb ./openjdk-8-jdk-headless_$JDK_VERSION.deb
  torbrowser-linux-x86_64:
    - linux-x86_64
    - linux
    - torbrowser
  basebrowser-linux-x86_64:
    - linux-x86_64
    - linux
    - basebrowser
  mullvadbrowser-linux-x86_64:
    - linux-x86_64
    - linux
    - mullvadbrowser
  torbrowser-linux-x86_64-asan:
    - linux-asan
    - linux-x86_64
    - linux
    - torbrowser
  basebrowser-linux-x86_64-asan:
    - linux-asan
    - linux-x86_64
    - linux
    - basebrowser
  mullvadbrowser-linux-x86_64-asan:
    - linux-asan
    - linux-x86_64
    - linux
    - mullvadbrowser
  torbrowser-linux-i686:
    - linux-i686
    - linux
    - torbrowser
  basebrowser-linux-i686:
    - linux-i686
    - linux
    - basebrowser
  torbrowser-linux-arm64:
    - linux-arm64
    - linux
    - torbrowser
  basebrowser-linux-arm64:
    - linux-arm64
    - linux
    - basebrowser
  torbrowser-linux-armhf:
    - linux-armhf
    - linux
    - torbrowser
  basebrowser-linux-armhf:
    - linux-armhf
    - linux
    - basebrowser
  torbrowser-linux-arm:
    - linux-arm
    - linux-cross
    - linux
    - torbrowser
  basebrowser-linux-arm:
    - linux-arm
    - linux-cross
    - linux
    - basebrowser
  linux-x86_64:
    arch: x86_64
    var:
      linux-x86_64: 1
      osname: linux-x86_64
      linux-cross: 0
      gnu-build-triplet: x86_64-unknown-linux-gnu
      gnu-host-triplet: x86_64-unknown-linux-gnu
      arch_debian: amd64
  linux-i686:
    arch: i686
    var:
      linux-i686: 1
      osname: linux-i686
      linux-cross: 0
      gnu-build-triplet: x86_64-unknown-linux-gnu
      gnu-host-triplet: i686-unknown-linux-gnu
      configure_opt: '--host=i686-linux-gnu CFLAGS=-m32 CXXFLAGS=-m32 LDFLAGS=-m32 [% c("var/configure_opt_project") %]'
      arch_debian: i386
  linux-arm64:
    arch: aarch64
    var:
      linux-arm64: 1
      osname: linux-arm64
      linux-cross: 0
      gnu-build-triplet: aarch64-unknown-linux-gnu
      gnu-host-triplet: aarch64-unknown-linux-gnu
      arch_debian: arm64
      container:
        arch: arm64
        # jessie is the first 64-bit arm release...and has a bug
        # in glibc which fails firefox build (dlopen: cannot load any more object with static TLS)
        # and for whatever reason newer distros no longer work if built on
        # stretch either
        suite: buster
      pre_pkginst: ''
      deps:
        - ca-certificates
        - pkg-config
        - libssl-dev
        - build-essential
        - python
        - bison
        - automake
        - libtool
        - zip
        - unzip
        - xz-utils
        - patch
  linux-armhf:
    arch: arm
    var:
      linux-armhf: 1
      osname: linux-armhf
      linux-cross: 0
      gnu-build-triplet: armv7-unknown-linux-gnueabihf
      gnu-host-triplet: armv7-unknown-linux-gnueabihf
      configure_opt: '--build=[% c("var/gnu-build-triplet") %] --host=[% c("var/gnu-host-triplet") %] [% c("var/configure_opt_project") %]'
      arch_debian: armhf
      container:
        arch: armhf
        suite: buster
      pre_pkginst: ''
      deps:
        - ca-certificates
        - pkg-config
        - libssl-dev
        - build-essential
        - python
        - bison
        #- hardening-wrapper
        - automake
        - libtool
        - zip
        - unzip
        - xz-utils
        - patch
  linux-arm:
    arch: arm
    var:
      linux-arm: 1
      osname: linux-arm
      crosstarget: arm-linux-gnueabihf
      arch_debian: armhf
  linux-cross:
    var:
      linux-cross: 1
      container:
        arch: amd64
      configure_opt: '--host=[% c("var/crosstarget") %] [% c("var/configure_opt_project") %]'
  linux:
    var:
      linux: 1
      compiler: gcc
      configure_opt: '[% c("var/configure_opt_project") %]'
      # Only build Namecoin for linux on nightly
      # Temporarily disabled until we have a fix for tor-browser-build#40845
      #namecoin: '[% c("var/nightly") && c("var/tor-browser") %]'
      container:
        suite: jessie
        arch: amd64
      pre_pkginst: dpkg --add-architecture i386
      deps:
        - ca-certificates
        - libc6-dev-i386
        - lib32stdc++6
        - pkg-config
        - libssl-dev
        - build-essential
        - python
        - bison
        - hardening-wrapper
        - automake
        - libtool
        - zip
        - unzip
        - xz-utils
        - patch
  linux-asan:
    var:
      asan: 1
      # RLBox needs clang to create .wasm files but we use mostly GCC for our
      # ASan builds. Thus, the compilation currently breaks with RLBox enabled.
      # See: tor-browser-build#40063.
      rlbox: 0

  torbrowser-windows-i686:
    - windows-i686
    - windows
    - torbrowser
  basebrowser-windows-i686:
    - windows-i686
    - windows
    - basebrowser
  torbrowser-windows-x86_64:
    - windows-x86_64
    - windows
    - torbrowser
  basebrowser-windows-x86_64:
    - windows-x86_64
    - windows
    - basebrowser
  mullvadbrowser-windows-x86_64:
    - windows-x86_64
    - windows
    - mullvadbrowser
  windows-x86_64:
    arch: x86_64
    var:
      windows-x86_64: 1
      windows-i686: 0
      osname: windows-x86_64
      gnu-build-triplet: x86_64-unknown-linux-gnu
      gnu-host-triplet: x86_64-pc-windows-gnu
  windows-i686:
    arch: i686
    var:
      windows-i686: 1
      windows-x86_64: 0
      osname: windows-i686
      gnu-build-triplet: x86_64-unknown-linux-gnu
      gnu-host-triplet: i686-pc-windows-gnu
      # mingw-w64 does not support SEH on 32bit systems. Be explicit about that.
      flag_noSEH: '-Wl,--no-seh'
  windows:
    var:
      windows: 1
      container:
        suite: bullseye
        arch: amd64
      configure_opt: '--host=[% c("arch") %]-w64-mingw32 CFLAGS="[% c("var/CFLAGS") %]" LDFLAGS="[% c("var/LDFLAGS") %]" [% c("var/configure_opt_project") %]'
      CFLAGS: '-fstack-protector-strong -fno-strict-overflow -Wno-missing-field-initializers -Wformat -Wformat-security [% c("var/flag_mwindows") %]'
      LDFLAGS: '-Wl,--no-insert-timestamp [% c("var/flag_noSEH") %] [% c("var/flag_mwindows") %]'
      flag_mwindows: '-Wl,--subsystem,windows'
      compiler: mingw-w64-clang
      deps:
        - build-essential
        - python3
        - python3-distutils
        - bison
        - automake
        - libtool
        - zip
        - unzip
        - libssl-dev
        - zlib1g-dev

  torbrowser-macos:
    - macos-universal
    - macos-x86_64
    - macos
    - torbrowser
  torbrowser-macos-x86_64:
    - macos-x86_64
    - macos
    - torbrowser
  torbrowser-macos-aarch64:
    - macos-aarch64
    - macos
    - torbrowser
  basebrowser-macos:
    - macos-universal
    - macos-x86_64
    - macos
    - basebrowser
  basebrowser-macos-x86_64:
    - macos-x86_64
    - macos
    - basebrowser
  basebrowser-macos-aarch64:
    - macos-aarch64
    - macos
    - basebrowser
  mullvadbrowser-macos:
    - macos-universal
    - macos-x86_64
    - macos
    - mullvadbrowser
  mullvadbrowser-macos-x86_64:
    - macos-x86_64
    - macos
    - mullvadbrowser
  mullvadbrowser-macos-aarch64:
    - macos-aarch64
    - macos
    - mullvadbrowser
  macos-universal:
    var:
      macos_universal: 1
  macos-aarch64:
    arch: aarch64
    var:
      macos-aarch64: 1
      macos-x86_64: 0
      osname: macos-aarch64
      macos_arch: arm64
      build_target: aarch64-apple-darwin
      gnu-build-triplet: x86_64-unknown-linux-gnu
      gnu-host-triplet: aarch64-apple-darwin
      macosx_deployment_target: '11.0'
  macos-x86_64:
    arch: x86_64
    var:
      macos-x86_64: 1
      osname: macos-x86_64
      macos_arch: x86_64
      build_target: x86_64-apple-darwin
      gnu-build-triplet: x86_64-unknown-linux-gnu
      gnu-host-triplet: x86_64-apple-darwin11
      macosx_deployment_target: '10.12'
  macos:
    var:
      macos: 1
      osname: macos
      container:
        suite: bullseye
        arch: amd64
      compiler: 'macosx-toolchain'
      configure_opt: '--host=[% c("var/build_target") %] CC="[% c("var/build_target") %]-clang [% c("var/FLAGS") %]" CXX="[% c("var/build_target") %]-clang++ [% c("var/FLAGS") %]" [% c("var/configure_opt_project") %]'
      FLAGS: "-target [% c('var/build_target') %] -B $cctoolsdir -isysroot $sysrootdir [% IF c('var/macos-aarch64') %]-mcpu=apple-m1[% END %]"
      LDFLAGS: "-Wl,-syslibroot,$sysrootdir -Wl,-dead_strip -Wl,-pie"
      locale_ja: ja-JP-mac
      deps:
        - build-essential
        - faketime
        - python3
        - python3-distutils
        - automake
        - bison
        - libtool
        - zip
        - unzip
        - libssl-dev
        - zlib1g-dev
      faketime_path: /usr/lib/x86_64-linux-gnu/faketime/libfaketime.so.1

  # The no_build_id target can be useful if you want to quickly display
  # a build template or other option but don't want to spend time to
  # compute the various build ids
  no_build_id:
    # The defaut timestamp value will use the commit time of the
    # selected commit for the project, which will require cloning the
    # git repository if it is not present. When we use the no_build_id
    # target to display a script, we usually don't care about such
    # details, so we set timestamp to 0 to avoid unnecessary cloning.
    timestamp: 0
    var:
      build_id: 1

  no_containers:
    container:
      global_disable: 1

# allow git tag signed using an expired key.
# https://bugs.torproject.org/19737
gpg_allow_expired_keys: 1

--- |
  # This part of the file contains options written in perl
  use IO::CaptureOutput qw(capture_exec);
  (
    var_p => {
      nightly_torbrowser_version => sub {
        state $version = '';
        return $version if $version;
        my (undef, undef, undef, $day, $mon, $year) = gmtime;
        $version = sprintf("tbb-nightly.%u.%02u.%02u", $year + 1900, $mon + 1, $day);
        return $version;
      },
      nightly_torbrowser_incremental_from => sub {
        my ($project, $options) = @_;
        my $nightly_dir = project_config($project, 'basedir', $options) . '/' .
                project_config($project, 'var/projectname', $options) . '/nightly';
        my $current_version = project_config($project, 'var/torbrowser_version', $options);
        use Path::Tiny;
        return [] unless -d $nightly_dir;
        my @dirs = sort map { $_->basename } path($nightly_dir)->children(qr/^tbb-nightly\./);
        my $nb_incr = project_config($project, ['var', 'max_torbrowser_incremental_from'], $options);
        my @res;
        while ($nb_incr > 0) {
          my $dir = pop @dirs;
          last unless $dir;
          next if $dir eq $current_version;
          $nb_incr--;
          push @res, $dir;
        }
        return [@res];
      },
    },
  )
